CVE-2024-23142

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Autodesk applications allows remote code execution when processing malicious CAD files (CATPART, STP, MODEL). Attackers can exploit this by tricking users into opening specially crafted files, potentially compromising systems running vulnerable Autodesk software.

💻 Affected Systems

Products:
  • Autodesk applications using atf_dwg_consumer.dll, rose_x64_vc15.dll, libodxdll
Versions: Multiple versions prior to patches released in 2024
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects applications that parse CATPART, STP, and MODEL files through vulnerable DLLs. Specific product list in vendor advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full remote code execution with system compromise, data theft, ransomware deployment, or lateral movement within networks.

🟠 Likely Case: Malware installation, data exfiltration, or system compromise when users open malicious CAD files from untrusted sources.

🟢 If Mitigated: Limited impact with proper file validation, user awareness, and network segmentation preventing successful exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious file. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Autodesk Security Advisory ADSK-SA-2024-0009

Vendor Advisory: https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0009

Restart Required: Yes

Instructions:

1. Review Autodesk Security Advisory ADSK-SA-2024-0009.
2. Identify affected products in your environment.
3. Apply latest patches from Autodesk.
4. Restart systems after patching.
5. Verify patch installation.

🔧 Temporary Workarounds

File Type Restriction (platform: all)

Block or restrict processing of CATPART, STP, and MODEL files from untrusted sources.

Application Control (platform: windows)

Use application whitelisting to prevent unauthorized Autodesk application execution.

🧯 If You Can't Patch

  • Implement strict file validation and scanning for CAD files before opening
  • Segment networks to isolate Autodesk applications and limit lateral movement

🔍 How to Verify

Check if Vulnerable:

Check Autodesk application versions against patched versions in advisory ADSK-SA-2024-0009

Check Version:

Check within Autodesk application Help > About or via system inventory tools

Verify Fix Applied:

Verify installed version matches or exceeds patched version from Autodesk advisory

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Autodesk applications
  • Multiple failed file parsing attempts
  • Memory access violations in application logs

Network Indicators:

  • Unexpected outbound connections from Autodesk applications
  • File downloads of CAD file types from untrusted sources

SIEM Query:

Process creation where parent process contains 'autodesk' AND (command line contains '.catpart' OR '.stp' OR '.model')
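The query above is written in pseudo-SIEM syntax. The following is an added example, not part of the advisory, that applies the same two heuristics (the SIEM query, and the "unusual process creation from Autodesk applications" log indicator) to Sysmon-style Event ID 1 records; the Autodesk install path, the child-process allow/deny set and all events are constructed sample data.

```python
# Added detection example for the indicators above; all paths and events are constructed.
from dataclasses import dataclass
from pathlib import PureWindowsPath

CAD_EXTENSIONS = (".catpart", ".stp", ".model")  # file types named in the advisory
# Shells and script hosts a CAD viewer has no business spawning; tune for your environment.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                       "mshta.exe", "rundll32.exe", "regsvr32.exe"}

@dataclass
class ProcessEvent:
    parent_image: str   # Sysmon ParentImage
    image: str          # Sysmon Image
    command_line: str   # Sysmon CommandLine

def from_autodesk(ev: ProcessEvent) -> bool:
    """Parent process path contains 'autodesk' (the page's parent-process condition)."""
    return "autodesk" in ev.parent_image.lower()

def matches_siem_query(ev: ProcessEvent) -> bool:
    """Literal form of the SIEM query: Autodesk parent AND a CAD extension on the command line."""
    cmd = ev.command_line.lower()
    return from_autodesk(ev) and any(ext in cmd for ext in CAD_EXTENSIONS)

def is_unusual_child(ev: ProcessEvent) -> bool:
    """'Unusual process creation' indicator: Autodesk parent spawning a shell or script host."""
    return from_autodesk(ev) and PureWindowsPath(ev.image).name.lower() in SUSPICIOUS_CHILDREN

def triage(events):
    """Return (event index, reasons) for every event that trips at least one heuristic."""
    hits = []
    for i, ev in enumerate(events):
        reasons = []
        if matches_siem_query(ev):
            reasons.append("cad-file-on-cmdline")
        if is_unusual_child(ev):
            reasons.append("unusual-child")
        if reasons:
            hits.append((i, reasons))
    return hits

APP = r"C:\Program Files\Autodesk\ExampleApp\app.exe"  # constructed placeholder install path
SAMPLE_EVENTS = [  # constructed telemetry, not real events
    ProcessEvent(r"C:\Windows\explorer.exe", APP, f'"{APP}" C:\\Users\\u\\Downloads\\part.CATPART'),
    ProcessEvent(APP, r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    ProcessEvent(APP, r"C:\Program Files\Autodesk\ExampleApp\converter.exe",
                 r"converter.exe C:\Users\u\Downloads\model.stp"),
    ProcessEvent(APP, r"C:\Windows\System32\conhost.exe", "conhost.exe 0x4"),
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(why)}")
```

Event 0 is the user double-clicking a file (parent is explorer.exe) and is correctly not flagged; a real deployment would also correlate the CAD-file open with any child process created shortly afterwards.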
